Boston CodeCamp 21

Earlier today, I presented at Boston Code Camp 21 on Hacking Your Own Website. In the presentation, I took the audience through a demonstration of my approach to using BurpSuite to enumerate a website and to find potential exploitation points. I also briefly went into some of the other functionality that Burp offers such as the Intruder and Repeater tools. I also briefly demonstrated the scanner. My thought was that they would most likely be using the free version for a bit before purchasing a license (if at all), so I wanted to make sure I got enough of the other functionality in there.

For the demonstration I used the Drunk Admin Web Hacking Challenge
VMWare image as a target.

Demonstrations can eat up time so I wasn’t able to get through the entire challenge set. I was taking questions throughout so that slowed it down a bit, but I would rather answer questions than just get through the content and not have anyone coming away from the presentation learning anything.

I think it is important for security people to break out and present at (or just attend) conferences that are primarily focused on security. This makes us much more rounded individuals as well as allowing us to transfer knowledge to developers, managers and others who may not get to the security conferences or even better, disseminate proper advice and knowledge to those that may only be getting their security information through a vendor or what they read on some of the generalist news sites.

Overall I thought it went well and had a good time with it.

The Impress.js source of the presentation can be found at GitHub.

Attending HOPE X

It is official!

I will be attending HOPE X this July with the TOOOL gang.
Earlier this year I had thought about attending since it is in New York City and is an easy drive from where I live. However, I had decided not to since it can be difficult with child care and getting time etc., especially when I
will be on the road a good deal in August for Security BSidesLV and DEF CON.

However, the PWM-TOOOL chapter was asked if we could assist with the TOOOL setup and helping out in the Village during the conference, so how could I resist? It just so happened that all things just came together to make it easy for us to attend.

I have been a long time reader of 2600 and the 2600 meetings that I attended in Minneapolis when I was younger were influential in my choices that lead me to where I am today. I think I was about fourteen at my first 2600 meeting in the Mall of America food court and while I don’t really remember any of the people that were present, I do remember a lot of the conversations, arguments and interests.

Needless to say I am definitely looking forward to my first HOPE.